NEW YORK (CNNMoney) — Want to stop nasty worms from spreading on corporate networks? It would help if bosses stopped going to porn sites.
According to a recent survey by software firm ThreatTrack Security, 40% of tech support employees admit they’ve had to clean an executive’s corporate device after the boss visited an infected porn website.
The survey, conducted in October, shows that while it’s generally gotten easier for companies to defend themselves from outside attacks, bosses’ bad habits make it difficult to keep up. Here are some other mistakes executives make:
56% got malware from clicking on a bad link or getting duped by a fake “phishing” email.
47% attached an infected device, like a thumb drive or smartphone, to their PC.
45% got a virus when they let a family member use a company computer.
33% installed a malicious app on their company device.
Part of the problem is that employees are less cautious with their iPhones and Android smartphones than they are with their office computers, said Dipto Chakravarty, an engineering and products executive at ThreatTrack. But the risk is the same, because the devices are connected to a company’s network.
The problem seems to be getting worse now that many companies have adopted the “bring your own device” approach, allowing workers to connect to company networks with their personal devices.
Currently, 36% of companies have a BYOD policy, according to networking giant Cisco and the British telecom BT.
Companies quiet about hacks
The study also found that 57% of IT analysts say they’ve confronted a data breach that the company decided to keep secret from customers, partners or shareholders.
Smaller corporations are the least likely to hide that they’ve been hacked. Those spending less than $500,000 a year on IT security kept quiet less than 30% of the time. Mid-sized companies were most likely to keep things under wraps. Companies with budgets between $500,000 and $10 million remained mute about 76% of breaches.
But the largest companies — those spending more than $10 million annually on tech security — stayed silent on just 37.5% of cases.
Chakravarty said it’s understandable why some companies try to avoid the scrutiny that would come from admitting they’ve been hacked.
“It’s not in the company’s interest to admit there’s a data breach,” Chakravarty said, adding that the time and money spent to combat the problem will be “astronomically high.”
Companies are worried about losing their customers’ trust as well. If a business admits it has been hacked, consumers might worry about the firm’s ability to keep their credit cards or passwords protected — and take their business elsewhere.
But it looks like many of these data breaches could be avoided if executives just didn’t do stupid things like viewing porn on their phone.